About

Privacy Policy

Effective date: 20 April 2026 (update this date when you publish).

This Privacy Policy describes how we collect, use, store, and share personal data when you use this website and related services (the “Services”). It is written for visitors and customers in the United Kingdom and the European Economic Area, as well as other regions where our Services are available.

Important: This document is a practical draft for your storefront. It is not legal advice. You should have a qualified lawyer review and adapt it for your legal entity, products, analytics tools, advertising pixels, and actual data practices before you rely on it.

Data controller

The data controller responsible for your personal data is the legal entity that operates this store and website (referred to as “we”, “us”, or “our”). You can contact us using the details in the “Contact us” section at the end of this policy, or via our Contact page.

If you purchase from us, Shopify, Inc. and its affiliates process personal data on our behalf as a processor in connection with hosting our store and providing commerce infrastructure, according to Shopify’s role and agreements.

Personal data we collect

Depending on how you use the Services, we may collect:

  • Identity and contact data such as name, email address, phone number, billing or delivery address, and similar details you provide at checkout or in forms.
  • Transaction data such as products purchased, order value, payment status, and customer service correspondence.
  • Technical and usage data such as IP address, device and browser type, general location derived from IP, pages viewed, referring URLs, and timestamps. Some of this is collected automatically via cookies and similar technologies (see “Cookies”).
  • Marketing preferences where you sign up for a newsletter or opt in to marketing.
  • Account data if customer accounts are enabled on this store.

We do not intentionally collect special categories of personal data (such as health data) through this site unless you voluntarily include them in a free-text field; please avoid sending sensitive information unless we explicitly request it.

How we use personal data and lawful bases

Under the UK GDPR and the EU GDPR (as applicable), we rely on one or more of the following lawful bases:

  • Contract — to take steps at your request before entering a contract, to perform a purchase contract (including payment, delivery, and support), and to manage your relationship as a customer.
  • Legitimate interests — to operate, secure, and improve the Services; to prevent fraud; to analyse aggregated or pseudonymous usage; and to communicate with you about similar products where applicable law allows “soft opt-in” or equivalent. You may object to certain processing as described under “Your rights”.
  • Legal obligation — to comply with accounting, tax, or regulatory requirements.
  • Consent — where required for certain cookies, marketing emails, or other processing that is not strictly necessary. You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
Sharing and subprocessors

We share personal data with service providers who assist us in operating this store, including where applicable:

  • Shopify — ecommerce platform, checkout, fraud analysis, and related infrastructure.
  • Payment providers — to process card and other payment methods.
  • Shipping and fulfilment partners — to deliver physical goods where relevant.
  • Email and customer messaging tools — to send transactional or marketing messages in line with your preferences.
  • Analytics and advertising partners — only if you have enabled such tools in this store; list the actual tools you use (for example Google Analytics, Meta Pixel) in your final version.

We require processors to protect personal data appropriately and to process it only on our instructions. We do not sell your personal data for money. If we use tools that involve “sharing” or targeted advertising under US state laws, describe that separately if your audience includes US residents.

International transfers

Shopify and some other providers may process data in the United Kingdom, the European Economic Area, the United States, and other countries. Where personal data is transferred from the UK or EEA to countries that have not received an adequacy decision, we rely on appropriate safeguards such as the UK International Data Transfer Agreement / Addendum or the EU Standard Contractual Clauses, supplemented as needed by technical and organisational measures.

You may request further information about transfers by contacting us.

Retention

We keep personal data only as long as necessary for the purposes described in this policy, including to satisfy legal, accounting, or reporting requirements. Typical retention examples (adjust to your practice): order and invoice records for a period required by tax law; marketing consent records until you withdraw consent; server logs for a limited security window.

When data is no longer needed, we delete or anonymise it.

Security

We use appropriate technical and organisational measures designed to protect personal data against accidental loss, unauthorised access, alteration, or disclosure. No method of transmission over the Internet is completely secure; we cannot guarantee absolute security.

Your rights

Depending on your location, you may have the following rights in relation to your personal data:

  • Right of access
  • Right to rectification
  • Right to erasure (“right to be forgotten”) in certain cases
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing based on legitimate interests or for direct marketing
  • Rights related to automated decision-making including profiling (if applicable)
  • Right to withdraw consent at any time where processing is based on consent

UK residents may lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk. EU residents may contact their local supervisory authority; a list is published by the European Data Protection Board.

To exercise your rights, contact us using the details below. We may need to verify your identity before responding.

Marketing and newsletters

If we send marketing communications, we will only do so where permitted by law—typically with your consent or under another lawful basis available in your jurisdiction. You can opt out at any time using the unsubscribe link in emails or by contacting us.

Transactional messages about your orders may still be sent where necessary to perform our contract with you.

Cookies and similar technologies

We use cookies and similar technologies to operate the store (for example cart and session cookies), to remember preferences, to measure performance, and—if configured—to support advertising or analytics.

Where required, we will obtain consent before non-essential cookies run, including via any cookie banner or preference centre you enable on this store. You should maintain a separate cookie policy or table if your setup is complex.

Children

The Services are not directed at children under 16 (or the age required in your jurisdiction). We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will take steps to delete it.

Third-party websites

Our site may contain links to third-party websites (for example creators, tools, or platforms such as Squarespace). This policy does not apply to those sites. Please read their privacy notices before you provide personal data to them.

Changes to this policy

We may update this Privacy Policy from time to time. The “Effective date” at the top will change when we publish a new version. Material changes may require additional notice under applicable law.

Contact us

For privacy questions or requests, contact us through our Contact page or at the email address shown in your store settings.

Replace this paragraph with your registered business name, address, and company registration number if you are required to publish them.